1. Field of the Invention
The present invention relates to techniques for providing security in database systems. More specifically, the present invention relates to a method and an apparatus for controlling access to personally identifiable information (PII) in database systems.
2. Related Art
The ubiquity of the Internet makes many types of personal information easily accessible to more people than ever before. Organizations can use this information to market products to their customers more efficiently. However, the availability of personal information through unrestricted data sharing has also led to increases in identity theft and Internet fraud. A recent report from the Federal Trade Commission (FTC) estimates that Internet fraud victims lost close to $54M in the year 2002, which is up from $17M in 2001.
A number of laws have been enacted to combat this growing problem. For example, California Senate Bill 1386, effective Jul. 1, 2003, requires that companies inform customers of breaches of PII to help protect them against identity theft. This mandate applies to any person or organization that holds personal information about California residents. Note that the scope of this bill is unusually large: unlike other regulations, which typically apply to specific industries, this bill encompasses all industries and sectors.
Furthermore, consumers are becoming increasingly sensitive to privacy issues. Increasing volumes of direct marketing via email and the overwhelming volume of spam have increased consumer privacy concerns and the likelihood that individuals will opt out of various forms of communication through multiple channels. Moreover, the sharing of information with partners or other third parties is a concern for consumers who value their privacy and are wary of potential abuse. Consequently, today's customers, especially when working online, look for hallmarks of trust and for brands that they can count on to safeguard their personal information from misuse and wrongful access.
As a result of these trends, privacy is becoming not just an important compliance issue but an essential business issue. As competition on the Internet continues to drive down pricing on consumer goods, the importance of customer loyalty increases. Furthermore, when price is no longer a differentiator, service and trust become more important factors in customer retention, and businesses can use effective data privacy practices as competitive differentiators. Hence, in today's business climate, companies can reap substantial rewards by addressing privacy concerns and building trust.
To summarize, reliable privacy protection is something organizations cannot afford to dismiss. Every organization that collects personal information about customers or employees must protect the privacy of that data both to comply with regulatory requirements and to build customer confidence and trust.
Hence, what is needed is a method and an apparatus for effectively controlling access to personally identifiable information (PII).